cBioPortal / oncotree

Creative Commons Attribution 4.0 International

News tab #86

Closed yichaoS closed 6 years ago

yichaoS commented 6 years ago

http://dashi-dev.cbio.mskcc.org:8080/yichao-oncotree/#/home

mandawilson commented 6 years ago

Yichao and I also talked about how pulling from an external file that contains markdown and converting it to HTML has an XSS vulnerability, described here: https://github.com/showdownjs/showdown/wiki/Markdown's-XSS-Vulnerability-(and-how-to-mitigate-it). We should all discuss this, but we do have control over the file we are pulling so I think it should be OK.
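
Added example, not part of the thread or the oncotree code: a pre-publish check for the Markdown news file discussed above, which rejects raw HTML and link destinations outside an allow-list before the file is converted to HTML. The function names, the allowed schemes and the sample text are assumptions made for illustration; the check complements, and does not replace, sanitizing the converted HTML.

```javascript
// Added example (not project code). It rejects risky input instead of
// rewriting it, so there is no stripped remainder that could still be unsafe.
// Assumed policy: the only schemes the news file may link to.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// Return a rule name for a risky link destination, or null when it is fine.
function checkDestination(dest) {
  // Browsers drop control characters such as tabs from URLs, so drop them
  // here too, then keep the destination and ignore an optional "title".
  const url = dest.replace(/[\u0000-\u001f<>]/g, '').trim().split(/[ "']/)[0];
  // Character references could spell out a scheme this check would not see.
  if (/&#|&[a-z0-9]+;/i.test(url)) return 'entity-in-link';
  const head = url.split(/[\/?#]/)[0];
  const colon = head.indexOf(':');
  if (colon === -1) return null; // relative link, no scheme
  const scheme = head.slice(0, colon).toLowerCase();
  return ALLOWED_SCHEMES.has(scheme) ? null : 'unsafe-scheme';
}

// Scan the whole Markdown source and return [{ line, rule }] findings.
function lintMarkdown(text) {
  const findings = [];
  const lineOf = (index) => text.slice(0, index).split('\n').length;
  const add = (m, rule) => findings.push({ line: lineOf(m.index), rule });
  // Raw HTML passes through a Markdown converter unchanged, so reject it.
  // This also flags <https://...> autolinks, which is deliberately strict.
  for (const m of text.matchAll(/<[a-z\/!?]/gi)) add(m, 'raw-html');
  // Inline links and images: "](destination ...)".
  for (const m of text.matchAll(/\]\(([^)]*)/g)) {
    const rule = checkDestination(m[1]);
    if (rule) add(m, rule);
  }
  // Reference definitions: "[id]: destination".
  for (const m of text.matchAll(/^ {0,3}\[[^\]]+\]:\s*(\S+)/gm)) {
    const rule = checkDestination(m[1]);
    if (rule) add(m, rule);
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample input: three clean lines, then three that must fail.
const SAMPLE = [
  '## News',
  'See the [release notes](https://example.org/notes "Notes").',
  'Contact [the team](mailto:team@example.org) or read [more](docs/faq.md).',
  '[click](javascript:alert(1))',
  '<img src=x onerror=alert(1)>',
  '[ref]: data:text/html,hello',
].join('\n');
```

Run it in CI against the news file and fail the build when `lintMarkdown` returns any finding.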